Affiliation:
1. Università Politecnica delle Marche, Ancona, Italy
2. Fondazione F3RM1, Milan, Italy
Abstract
Cyber risk assessment requires defined and objective methodologies; otherwise, its results cannot be considered reliable. The lack of quantitative data can be dangerous: if the assessment is entirely qualitative, subjectivity will loom large in the process. Too much subjectivity in the risk assessment process can weaken the credibility of the assessment results and compromise risk management programs. On the other hand, obtaining a sufficiently large amount of quantitative data to allow reliable extrapolations and predictions is often hard or even unfeasible. In this paper, we propose and study a quantitative methodology to assess the potential annualized economic loss risk of a company. In particular, our approach relies only on aggregated empirical data, which can be obtained from several sources. We also describe how the method can be applied to real companies, in order to customize the initial data and obtain reliable and specific risk assessments.
Subject
Computer Networks and Communications, Information Systems
Cited by
9 articles.
1. Cybersecurity threats in FinTech: A systematic review;Expert Systems with Applications;2024-05
2. Cyber Incidents Risk Assessments Using Feature Analysis;SN Computer Science;2023-11-15
3. Quantitative Risk Analysis with Qualitative Statements;2023 5th IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications (TPS-ISA);2023-11-01
4. CAN CYBER RISK OF HEALTH CARE FIRMS BE INSURED? A MULTINOMIAL LOGISTIC REGRESSION MODEL;Journal of Organizational Computing and Electronic Commerce;2023-04-03
5. Cyber Security Compliance Among Remote Workers;Advanced Sciences and Technologies for Security Applications;2023